Which of the following is a requirement of PCI DSS?

Study for the BAFT Certificate in Principles of Payments Test. Utilize flashcards and multiple-choice questions, with hints and explanations for each query. Prepare thoroughly for your exam!

The requirement to encrypt the transmission of cardholder data is a fundamental aspect of the Payment Card Industry Data Security Standard (PCI DSS). This framework was established to enhance payment account security by ensuring that sensitive information, such as cardholder data, is protected during transmission over networks. Encryption helps safeguard this data from interception by unauthorized parties during transit, reducing the risk of data breaches and fraud.

This requirement underscores the importance of securing data not just when it is stored, but also while it is being transmitted between payment terminals, processors, and banks. By implementing robust encryption protocols, organizations can significantly mitigate the risk of exposing sensitive payment information to potential threats.

In contrast, the other options do not directly align with fundamental requirements of PCI DSS. For example, maintaining customer loyalty programs is beneficial for businesses but falls outside the purview of payment security. Similarly, while there are guidelines regarding the retention period of cardholder data, the specific stipulation to store such data for only five years is not a PCI DSS requirement; organizations are typically urged to minimize data storage as much as possible. Lastly, utilizing unrestricted access for all employees directly contradicts PCI DSS principles that require limiting access to sensitive data on a need-to-know basis to enhance security.
